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PRELIMESTARY AMENDMENT 



Dear Sir: 



Prior to examination, please amend the application as follows: 



IN THE SPECIFICATION 



Page 1, between line 4 and line 5, insert: - FIELD OF THE INVENTION-; 
Page 1 between line 12 and line 13, insert: -BACKGROUND OF THE 
INVENTION-; 

Page 2, between line 24 and line 25, insert: -SUMMARY OF THE 
INVENTION-; 

Page 4, before line 1, insert: -BRIEF DESCRIPTION OF THE DRAWINGS-; 
and 

Page 4, between line 13 and line 14, insert: -DETAILED DESCRIPTION-. 
Please cancel Claim 3. 



(Amended) A method for secure loading of secret data from a first security 
module to at least one second security module, wherein said first module 
comprising at least one file of secret data, said second module comprises a first 
non-volatile memory and a second volatile memory, characterized in that it 
comprises the steps of: 



CLAIMS 



generating at least one random data item within the second memory in the 
second module, 

recording information comprising said random data item within the first 

memory of the second module, 

sending the random data item to the first module, 

within the first module, encrypting a secret data item in the file of said 
first module based on the random data item and an encryption algorithm, 
sending said encrypted secret data item to the second module, 
transferring information comprising the random data item stored in the 
first memory of the second module, fi-om said first memory to the second 
memory of said module, 

decrypting said encrypted secret data item, based on a decryption 
algorithm and the random data item, and recording, within the second 
module, said decrypted secret data item. 

2. (Amended) A method according to Claim 1, characterized in that it comprises a 
fiirther step of: 

after transferring the information comprising the random data item from 
the first memory of the second module in the second memory of said 
module, erasing said information from said first memory, 

4. (Amended) A method according to Claim 1, characterized in that the steps of 
generating and sending the random data item as well as recording the information 
in the second module, are performed by means of a first command. 

5. (Amended) A method according to Claim 1, characterized in that the steps of 
transferring information decrypting the secret data item in the second module and 
recording are performed by means of a second command. 

6. (Amended) A method according to Claim 1, characterized in that the information 
which comprises said random data item, comprises an index relating to a secret 
data item. 

7. (Amended) A method according to Claim 1, characterized in that several random 
data items are generated in the second memory of the second module and, after 
each random data item generation, information comprising the generated random 
data item is recorded in the first memory of the second module. 

3. (Amended) A method according to Claim 1, characterized in that, on each loading 
operation, a random data item is used for loading a secret data item, 

). (Amended) A method according to Claim 1, characterized in that, on each loading 
operation, a unique random data item is used for loading several secret data items. 
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Full examination and favorable action are requested. 
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Reference No. 09669/010001. 
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APPENDIX A - MARKED-UP VERSION OF THE AMENDED CLAIMS 

The material to be deleted is in brackets and in boldface. 



CLAIMS 

1 . A method for secure loading of secret data from a first security module [(S)] to at 
least one second security module [(SAM)], wherein said first module [(S)] 
comprising at least one file [(EFl)] of secret data [(DATA)], said second module 
[(SAM)] comprises a first non-volatile memory [(Ml)] and a second volatile 
memory [(M2)], characterized in that it comprises the steps of: 

generating at least one random data item [(RAND)] within the second 

memory [(M2)] in the second module [(SAM)], 

recording information [(INFO)] comprising said random data item 

[(RAND)] within the first memory [(Ml)] of the second module [(SAM)], 

sending the random data item [(RAND)] to the first module [(S)], 

within the first module [(S)], encrypting a secret data item [(DATA)] in 

the file [(EFl)] of said first module [(S)] based on the random data item 

[(RAND)] and an encryption algorithm [(ALGO)], 

sending said encrypted secret data item [(DATAC)] to the second module 

[(SAM)], 

transferring information [(INFO)] comprising the random data item 
[(RAND)] stored in the first memory [(Ml)] of the second module 
[(SAM)], from said first memory [(Ml)] to the second memory [(M2)] of 
said module [(SAM)], 

decrypting said encrypted secret data item [(DATAC)], based on a 
decryption algorithm [(ALGOP)] and the random data item [(RAND)], 
and recording, within the second module [(SAM)], said decrypted secret 
data item [(DATA)]. 



A method according to one of the preceding claims, characterized in that it 

comprises a fiirther step of: 

after fransferring the information [(INFO)] comprising the random data 
item [(RAND)] from the first memory [(Ml)] of the second module 
[(SAM)] in the second memory [(M2)] of said module, erasing said 
information [(INFO)] from said first memory [(Ml)]. 

A method according to any one of the preceding claims, characterized in that the 
steps of generating and sending the random data item [(RAND)] as well as 
recording the information [(INFO)] in the second module [(SAM)], are 
performed by means of a first command [(ASKLOADING)]. 

A method according to any one of the preceding claims, characterized in that the 
steps of fransferring information [(INFO)] decryptmg the secret data item 
[(DATA)] in the second module [(SAM)] and recording are performed by means 
of a second command [(ADMINRECOVER)]. 



A method according to any one of the preceding claims, characterized in that the 
information [(INFO)] which comprises said random data item [(RAND)], 
comprises an index relating to a secret data item [(DATA)]. 

A method according to any one of the preceding claims, characterized in that 
several random data items [(RAND)] are generated in the second memory [(M2)] 
of the second module [(SAM)] and, after each random data item [(RAND)] 
generation, information [(INFO)] comprising the generated random data item 
[(RAND)] is recorded in the first memory [(Ml)] of the second module [(SAM)] 

A method according to any one of the preceding claims, characterized in that, on 
each loading operation, a random data item [(RAND)] is used for loading a secret 
data item [(DATA)]. 

A method according to any one of claims 1 to 7, characterized in that, on each 
loading operation, a unique random data item [(RAND)] is used for loading 
several secret data items [(DATA)]. 



09/ 936 




- 1 - 



531 »dF 




17 SEP 2001 



METHOD OF SECURE LOADING OF DATA BETWEEN SECURITY 

MODULES 



The present invention relates to a method of secure 
loading of secret data from a first security module to 
at least one second security module, wherein said first 
module having at least one secret data file, said second 
module having a first non-volatile memory and a second 
volatile memory. 

This invention can advantageously be applied to the 
field of telephony. 

In the field of telephony, there are terminal 
administrating systems which comprise a first onboard 
security module within an administration server and 
second security modules generally onboard the above- 
mentioned terminals. The terminals are so-called public 
payphones . 

A second security module guarantees the validity of 
a user card inserted into a public payphone, in 
particular by authenticating said card. For that 
purpose, the second security module comprises in its 
first memory secret data allowing said validity of user 
cards to be guaranteed. The public payphone 
administration systems as well as a secret data are 
managed by telephone companies. In order to reduce the 
risk of forgery consisting in tapping a communication 
network between the server and the public payphones and 
therefore to uncover said secret data, telephone 
companies are led to regularly modify all or part of the 
secret data in a second security module within a public 
payphone, based on secret data contained in a file in 
the first security module. 

A known method of the art comprises steps of: 
- encrypting the first security module's secret 
data which are to be transmitted to the second security 
module and reside in the managing server, 
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- causing the public payphone to connect to the 
administrating server when there is no ongoing call, 

transmitting the secret data to the second 
security module within the public payphone. 
5 When the public payphone connects to the 

administrating server, it is unavailable to any user, so 
that this connection generally occurs during the night. 
The data exchange is done in the so-called "off-line" 
disconnected mode. 

10 In order to diversify the transmissions of secret 

data, a pseudo-random piece of data is used based on the 
value of a counter in the second security module. On 
each secret data exchange, the counter value is 
incremented, and the first security module has to know 

15 the value of said counter and increment a local counter 
dedicated to the second module. 

Although this method allows secret data to be 
loaded between first and second security modules, it 
requires heavy data base administration for ensuring 

20 proper synchronization of the different counters. 
Specifically, track must be kept of all exchanges 
carried out with a second security module. Moreover, 
this method does not ensure a perfectly diversified data 
exchange . 

25 Thus, a technical problem to be solved by the 

present invention is to provide a method of secure 
loading of secret data from a first security module to 
at least one second security module, wherein said first 
module comprises at least one secret data file, said 

3 0 second module comprises a first non-volatile memory and 
a second volatile memory that would ensure a perfectly 
diversified data exchange between first and second 
security modules in the off-line mode while avoiding 
excessive data base management. 

35 According to the present invention, a solution to 

the technical problem posed is such as the loading 
method comprises the steps of: 
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- generating at least one random data item within 
the second memory in the second module, 

- recording information comprising said random data 
item within a first memory of the second module, 

5 - sending the random data item to the first module, 

- within the first module, encrypting a secret data 
item of the file in said first module based on the 
random data item and an encryption algorithm, 

- sending said encrypted secret data item to the 
10 second module, 

- transferring information comprising the random 
data item stored in the first memory of the second 
module, from said first memory to the second memory of 
said module, 

15 - decrypting said encrypted secret data item based 

on a decryption algorithm and the random data item and 
recording, within the second module said decrypted 
secret data item. 

Thus, as shown in detail below, the loading method 

20 according to the present invention allows, by using a 
random data item for loading secret data, to improve 
data loading security by perfectly diversifying the 
transmitted data. Thus, a defrauder spying on the 
communication network and collecting the transmitted 

25 data will never be able to obtain the same encrypting 
value and therefore will never be able to uncover any 
secret relating to the transmitted secret data. In 
addition, recording the random data item within a non- 
volatile memory in the second security module, allows it 

3 0 to be used in the "off-line" mode, since said random 
data item is not lost when said second security module 
is turned off . 

Other features and advantages of the invention will 
become apparent in the following description of 

35 preferred embodiments of the present invention, which 
are provided by way of non limiting examples in 
reference to the appended figures. 



- 4 - 



, Figure 1 is a view of a first security module and 

several second security modules . 

Figure 2 is a diagram showing the first module and 
the second module of Figure 1 . 
5 Figure 3 is a diagram showing a data exchange 

between the first module and the second module of Figure 
2 . 

Figure 4 is a diagram showing a first data exchange 
between the first module and the second module of Figure 
10 2 . 

Figure 5 is a diagram showing a third data exchange 
between the first module and the second module of Figure 
2 . 

In Figure 1, there is shown a first security module 

15 S and several second security modules SAM, each second 
module SAM comprising a first non-volatile memory Ml and 
a second volatile memory M2 referred to as the work 
memory. Figure 2 shows the first module S and a second 
module SAM. The first module S includes at least one 

20 file EFl storing secret data DATA and an encrypting 
algorithm ALGO. A secret data file is generally 
associated with a given telephone company. The second 
module SAM comprises a decryption algorithm ALGOP which 
is the reverse of the encryption algorithm ALGO, and 

25 secret data DATA. 

In order to change a secret data item within the 
second module SAM, a secret data item has to be loaded 
from the file EFl within the first security module S. 
The loading operation should be performed in a secure 

3 0 way. The secret data item is thus transmitted after 
encryption. The loading phase comprises several steps, 
as described below. 

In a first step, at least one random data item RAND 
is generated within volatile memory M2 of the second 

3 5 module SAM. 

In a second step, as shown in Figure 3, information 
INFO comprising said random data item RAND is recorded 
into non-volatile memory Ml of the second module SAM. A 



- 5 - 



memory location within said non-volatile memory Ml is 
set aside for that purpose and is set to its default 
initialization value V. 

In a first embodiment, information INFO, which 
5 comprises said random data item RAND, includes an index 
pertaining to a secret data item DATA. This index can 
for example be the number of a secret piece of data to 
be modified or and index of a memory location where a 
secret data item should be loaded into a second module 

10 SAM. Thus, when the second module SAM is turned-off for 
power saving reasons, the random data item RAND and its 
associated information are not lost. 

In a third step, the random data item RAND is sent 
to the first module. It should be noted that the second 

15 and third steps are interchangeable. 

In order to reduce the number of accesses to the 
second module SAM, generating and sending the random 
data item RAND as well as recording information INFO 
into the second module SAM, are carried out by means of 

20 a first command ASKLOADING. This first command is sent 
by the administrating server to the second module SAM 
via the public payphone (not shown) . 

In a fourth step, in the first module S, the secret 
data item DATA in file EFl to be transmitted to the 

25 second module SAM is encrypted. This encryption 
comprises an encryption step using the encryption 
algorithm ALGO and the random data item RAND. Using the 
random data item RAND avoids having the same encryption 
value for a secret data item DATA. Thus, is will be 

30 difficult for a defrauder to find any relation between 
the different data items transmitted over the 
communication network since they are different from one 
transmission to the next. The encryption can also 
comprise, on the one hand, a step of signing the secret 

35 data item DATA based on the random data item RAND and, 
on the other hand, a step of certifying the transmitted 
data. The signature step allows the authenticity of the 
loaded secret data item DATA to be checked and the 
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certificate allows transmitted data integrity to be 
checked . 

In a fifth step, as shown in Figure 4, said 
encrypted secret data item DATAC is sent to the second 
5 module SAM. 

In a sixth step, information INFO, comprising the 
random data item RAND stored in non-volatile memory Ml 
of the second module SAM, is transferred from said 
memory Ml to the work memory M2 of said module SAM. 
10 Thus, the random data item RAND which was used for 
encrypting the secret data item DATA, as well as its 
associated information, are recovered from work memory 
M2 . 

Duplicating the random data item RAND and its 
15 associated information into two different memories of 
the second module SAM may lead to discrepancies within 
said module and security issues. Therefore, only one set 
of information INFO is kept in the second module SAM. 
For that purpose, after recording information INFO, 
2 0 which comprises said random data item RAND within the 
first memory Ml of the second module SAM (Figure 3) , the 
information INFO stored in the second memory M2 of said 
second module SAM is deleted. Similarly, after 
transferring information INFO comprising the random data 
25 item RAND from the first memory Ml of the second module 
SAM into the second memory M2 of said module (Figure 4) , 
information INFO stored within the first memory Ml is 
deleted. 

Finally, in a last step, said encrypted secret data 
30 item DATAC is decrypted based on the decryption 
algorithm ALGOP of the second module SAM and on the 
random data item RAND, and said decrypted secret data 
item DATA is recorded into the second module SAM. 

In order to reduce the number of accesses to the 
35 second module SAM, the steps of transferring information 
INFO, decrypting secret data item DATA within the second 
module SAM and recording are performed by means of a 
second command ADMINRECOVER . This second command is sent 



by the administrating server to the second module SAM 
via the public payphone (not shown) . In case a fault 
occurs during the loading operation or at the end of 
said loading operation, the memory location within non- 
volatile memory Ml where information INFO comprising the 
random data item RAND is stored, is reset to its 
initialization value V. If a fault has occurred, another 
random data item RAND is generated and the different 
steps of the above-described method are performed again. 
When the second ADMINRECOVER command is sent, it is 
checked whether a random data item RAND has been 
generated and recorded. Thus, it is checked whether the 
memory location of the first non-volatile memory Ml in 
the second module SAM, dedicated to the random data item 
RAND, contains the initialization value V. If it does, 
the second ADMINRECOVER command is executed. In the 
opposite case, it is not executed and the first step of 
the method is performed. 

Generally, a second SAM module will manage 
different types of user cards and therefore comprise 
several secret data items associated with each type of 
user card, a card type generally corresponding to a 
given company, that provides said cards. Usually, it is 
desirable to be able to modify the set of secret data 
item DATA associated with a given card type. In this 
case, the first steps of the method according to the 
invention as described above are performed, but are 
applied to all of the secret data item DATA to be 
modified. Thus, several random data item RAND are 
generated within the second memory M2 of the second 
module SAM and the information INFO comprising the 
generated random data item RAND is recorded after each 
generation of a random data item RAND. As shown in the 
example of Figure 5, three random data items RANDl, 
RAND2 and RAND3 are generated within the second module 
SAM and are recorded into non-volatile memory Ml of said 
module. Accordingly, the three generated random pieces 
of data are sent to the first module SI in the 
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administrating server. Three secret data items DATAl, 
DATA2 and DATA3 residing in file EFl in the first module 
F are encrypted and correspond to the three secret data 
items to be modified within the second module SAM. They 
5 are matched, for example, by means of three indices (1, 
2 and 3) of secret data sent at the same time as the 
three random data items RAND. Finally, for transmitting 
the three secret data items DATAl , DATA2 and DATA3 , in 
said second module SAM, the steps of the method 

10 according to the invention as described above are all 
performed from the fifth step for each secret data item 
to be loaded or for the whole set of secret data as in 
the previous steps. 

Therefore, according to a first embodiment for 

15 loading several data items as described above, on each 
loading operation, a random data item RAND is used for 
loading a secret data item DATA. According to a second 
embodiment, in order to reduce the time required for 
loading the secret data, on each loading operation, a 

2 0 unique random data item RAND is used for loading several 
secret data items DATA. 

Of course, the present invention is not restricted 
to the field of telephony, and can be applied to other 
fields wherein a data exchange system is implemented 

25 between a centralized module storing secret data and 
remote modules adapted to receive such secret data. 
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CIiAIMS 

1 . A method for secure loading of secret data from 
a first security module (S) to at least one second 
security module (SAM) , wherein said first module (S) 

5 comprising at least one file (EFl) of secret data 
(DATA) , said second module (SAM) comprises a first non- 
volatile memory (Ml) and a second volatile memory (M2) , 
characterized in that it comprises the steps of: 

- generating at least one random data item (RAND) 
10 within the second memory (M2) in the second module 

(SAM) , 

recording information (INFO) comprising said 
random data item (RAND) within the first memory (Ml) of 
the second module (SAM) , 
15 - sending the random data item (RAND) to the first 

module (S) , 

- within the first module (S) , encrypting a secret 
data item (DATA) in the file (EFl) of said first module 
(S) based on the random data item (RAND) and an 

2 0 encryption algorithm (ALGO) , 

- sending said encrypted secret data item (DATAC) 
to the second module (SAM) , 

transferring information (INFO) comprising the 
random data item (RAND) stored in the first memory (Ml) 
25 of the second module (SAM) , from said first memory (Ml) 
to the second memory (M2) of said module (SAM) , 

decrypting said encrypted secret data item 
(DATAC) , based on a decryption algorithm (ALGOP) and the 
random data item (RAND) , and recording, within the 
30 second module (SAM) , said decrypted secret data item 
(DATA) . 

2 . A method according to one of the preceding 
claims, characterized in that it comprises a further 

35 step of: 

after transferring the information (INFO) 
comprising the random data item (RAND) from the first 
memory (Ml) of the second module (SAM) in the second 
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memory (M2) of said module, erasing said information 
(INFO) from said first memory (Ml) . 

3 . A method according to any one of the preceding 
5 claims, characterized in that it comprises a further 

step of: 

after transferring the information (INFO) 
comprising the random data item (RAND) from the first 
memory (Ml) of the second module (SAM) in the second 
10 memory (M2) of said module erasing said information 
(INFO) from said first memory (Ml) . 

4 . A method according to any one of the preceding 
claims, characterized in that the steps of generating 

15 and sending the random data item (RAND) as well as 
recording the information (INFO) in the second module 
(SAM) , are performed by means of a first command 
(ASKLOADING) . 

20 5. A method according to any one of the preceding 

claims, characterized in that the steps of transferring 
information (INFO) decrypting the secret data item 
(DATA) in the second module (SAM) and recording are 
performed by means of a second command (ADMINRECOVER) . 

25 

6 . A method according to any one of the preceding 
claims, characterized in that the information (INFO) 
which comprises said random data item (RAND) , comprises 
an index relating to a secret data item (DATA) . 

30 

7 . A method according to any one of the preceding 
claims, characterized in that several random data items 
(RAND) are generated in the second memory (M2) of the 
second module (SAM) and, after each random data item 

35 (RAND) generation, information (INFO) comprising the 
generated random data item (RAND) is recorded in the 
first memory (Ml) of the second module (SAM) . 



- 11 - 



8. A method according to any one of the preceding 
claims, characterized in that, on each loading 
operation, a random data item RAND is used for loading a 
secret data item DATA. 

9. A method according to any one of claims 1 to 7, 
characterized in that, on each loading operation, a 
unique random data item RAND is used for loading several 
secret data items DATA. 
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